Texas-based cybersecurity company Intrusion was charged with fraud by the Securities and Exchange Commission regarding alleged materially false and misleading statements made by its former chief executive.
A final version of California’s cybersecurity audit rules likely won’t be released until later next year at the earliest, according to a rough timeline discussed by the California Privacy Protection Agency.
Verizon Business Network Services agreed to pay approximately $4.1 million to settle allegations levied by the Department of Justice regarding false claims caused by failure to fully implement cybersecurity controls required of a government contractor.
Businesses can prepare for the Securities and Exchange Commission’s upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance.
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
CPE Webcast: Five deliverables every cybersecurity team needs to survive, thrive and comply with the new SEC Cybersecurity Rule
In today’s fast-paced business world, firms must adapt to the ever-changing mobile compliance and technology landscape to stay competitive.
New York will closely monitor the cybersecurity protections in place at institutions in the financial and energy sectors as part of its first statewide cybersecurity strategy.
Learn what cybersecurity strategy, governance, and risk management are and how to use an emerging definition for reasonable cybersecurity controls to help you define materiality.
Covington & Burling is leaving open the possibility of appealing a recent federal court order requiring the law firm to provide the names of hacked clients to the Securities and Exchange Commission.
The Federal Reserve listed the proliferation of generative artificial intelligence tools among areas of emerging cybersecurity threats for banks to monitor as part of its annual resilience report.
The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s newly approved cybersecurity incident disclosure rule.
Sen. Ron Wyden (D-Ore.) is calling on federal agencies to hold Microsoft accountable for “negligent cybersecurity practices” that played part in a Chinese hacking campaign that targeted U.S. government email addresses.
The Securities and Exchange Commission finalized its controversial rule requiring public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents deemed to be material within four business days.
The global average cost of a data breach reached a new all-time high of $4.45 million in 2023, according to IBM’s annual report.
Technology companies including Google, Meta, and OpenAI agreed to a series of voluntary commitments they’ll make regarding their management of risks when developing artificial intelligence systems.
The “biggest, most capable, and best-positioned” businesses must assume a greater share of mitigating cyber risks, the White House said in announcing the National Cybersecurity Strategy Implementation Plan.
The most popular mock exams conducted by compliance professionals at investment adviser firms this year have been on the Securities and Exchange Commission’s advertising/marketing rule, according to a new poll.
Not all companies can rely on bans or restrictions to employee use of generative artificial intelligence like ChatGPT. Instead of telling people what they can’t do, focus on what they can do.
The Enforcement Division of the Commodity Futures Trading Commission announced it established two new task forces to combat cyberattacks and misuse of technology and environmental fraud.
More than 130 organizations are believed to have been impacted by the MOVEit hack, with millions of people’s data at risk. Experts opine on the struggles businesses face in containing exposure.
The No. 1 priority at the Securities and Exchange Commission after organizations are impacted by a cybersecurity incident is that investors receive timely and accurate disclosures, according to Enforcement Division Director Gurbir Grewal.
The Australian Prudential and Regulation Authority will require Medibank Private to hold 250 million Australian dollars (U.S. $166 million) in extra capital until the insurer remediates identified cybersecurity weaknesses after a significant data breach.
In an era marked by an increase in digital threats, it’s vital to understand how sophisticated cybercriminal syndicates like Clop can impact the financial sector.
Compliance teams are taking more responsibility for issues related to information security and data privacy, motivated by increasing threats posed by data breaches and cyber intrusions, according to a new survey from NAVEX.
The Commodity Futures Trading Commission’s Technology Advisory Committee sponsored by Commissioner Christy Goldsmith Romero is crafting potential rulemaking to establish cyber resiliency baselines among swap dealers and futures commission merchants.
The rest of the year is shaping up to be busy at the Securities and Exchange Commission, where final rules regarding climate-related disclosures, enhanced cybersecurity risk governance, and more are all on the near-term agenda.
About 83 percent of data breaches are perpetrated by external bad actors and not employees, with 70 percent of those breaches linked to organized crime groups with financial motives, according to the latest research.
A new report by KPMG on key regulatory challenges for the second half of 2023 warned financial institutions to prepare for increased scrutiny, while all companies should expect more questions on how they oversee their cybersecurity and data management programs.
Amazon is set to pay more than $30 million comprised of a civil penalty and consumer refunds to resolve two separate cases alleging privacy violations regarding its Alexa voice assistant service and Ring doorbell subsidiary.
As companies face sustainability reporting challenges, accounting and audit firms are fielding increased requests for assistance, along with demands from investors and regulatory bodies for assurance on disclosures.
Mortgage servicer OneMain Financial Group will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.
Businesses that make false or unsubstantiated claims regarding facial recognition and other biometric technologies could face enforcement from the Federal Trade Commission, the agency warned in a policy statement.
The former chief security officer of Uber Technologies was sentenced to probation by a federal court judge as punishment for his involvement in covering up a 2016 data breach that affected 57 million users.
The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission.
Some U.S. hospitals are falling short in protecting themselves from cyberattacks, with 29 percent of facilities recently surveyed lacking a documented GRC system, a new report from the Department of Health and Human Services found.
Generative AI has the potential to be as game-changing for business and society as the internet, social media, and mobile phones were. At the moment, however, the risks seem to outweigh the rewards.
A new U.S. Treasury report concluded that decentralized finance services are being used by bad actors to launder the proceeds of illegal activity, aided by crypto platforms weak or non-existent in anti-money laundering and sanctions compliance programs.
How can you build a mature cyber resilience program within your business with a critical lack of technical know-how, significant budget constraints, and few-to-no monitoring of third-party risks?
The fate of popular social media app TikTok in the United States could hinge on the testimony of CEO Shou Zi Chew before the House Committee on Energy and Commerce.
The Cybersecurity and Infrastructure Security Agency announced a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.
The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
Web hosting company Jelly Bean Communications Design and its manager agreed to pay $293,771 in the latest Department of Justice case holding government contractors accountable for poor cybersecurity practices.
Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.
The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.
As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?
Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.